﻿using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace DRHotel_v1.Classes
{
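    /// <summary>
    /// Data-access helpers used at sign-in: a credential check and an account lookup,
    /// both against the <c>Account</c> table.
    /// </summary>
    /// <remarks>
    /// Every query is parameterized, so user-supplied text is never concatenated into SQL.
    /// Connections, commands and readers are wrapped in <c>using</c> so they are released
    /// even when a query throws. <see cref="SqlException"/> is not caught here; it reaches
    /// the caller with its original stack trace.
    /// </remarks>
    class LoginDBManager
    {
        // Name of the connection-string entry read from the application configuration.
        private const string ConnectionStringName =
            "DRHotel_v1.Properties.Settings.DRHotelMngSysConnectionString";

        /// <summary>
        /// Checks whether an <c>Account</c> row matches the given username and password.
        /// </summary>
        /// <param name="input_username">Username as entered by the user.</param>
        /// <param name="input_password">Password value compared against the stored column.</param>
        /// <returns>
        /// <c>true</c> when at least one row matches both values; <c>false</c> otherwise,
        /// including when either argument is <c>null</c>.
        /// </returns>
        /// <exception cref="SqlException">The connection or the query failed.</exception>
        public static bool Login(string input_username, string input_password)
        {
            // Fail closed: a null value cannot be sent as a parameter by AddWithValue and
            // can never identify an account, so reject it before touching the database.
            if (input_username == null || input_password == null)
            {
                return false;
            }

            using (SqlConnection conn = OpenConnection())
            using (SqlCommand cmd = conn.CreateCommand())
            {
                // Only existence matters here, so no account columns (the password among
                // them) are pulled back over the connection.
                //
                // NOTE(review): input_password is compared directly with the stored column.
                // Unless callers already pass a hash, this means passwords are stored in
                // cleartext; prefer a salted, slow hash (e.g. PBKDF2) verified in code with a
                // constant-time comparison. Also confirm the column collation: under a
                // case-insensitive collation this comparison ignores letter case.
                cmd.CommandText = "SELECT 1 FROM Account WHERE username=@username and password=@password";
                cmd.Parameters.AddWithValue("@username", input_username);
                cmd.Parameters.AddWithValue("@password", input_password);

                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    // Read() returns true when there is at least one matching row.
                    return dr.Read();
                }
            }
        }

        /// <summary>
        /// Loads the <c>Account</c> row for the given username.
        /// </summary>
        /// <param name="input_username">Username to look up.</param>
        /// <returns>
        /// An <see cref="Account"/> populated from the first matching row. When no row matches,
        /// or when <paramref name="input_username"/> is <c>null</c>, a freshly constructed
        /// <see cref="Account"/> is returned with none of its fields assigned by this method.
        /// </returns>
        /// <exception cref="SqlException">The connection or the query failed.</exception>
        public static Account GetAccountInfo(string input_username)
        {
            Account ac = new Account();

            // A null username matches no row; return the same empty result as "not found"
            // instead of failing inside the SQL client.
            if (input_username == null)
            {
                return ac;
            }

            using (SqlConnection conn = OpenConnection())
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "SELECT * FROM Account WHERE username=@username";
                cmd.Parameters.AddWithValue("@username", input_username);

                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    if (dr.Read())
                    {
                        ac.username = (string)dr["username"];
                        // NOTE(review): this copies the stored password value into an object
                        // handed to callers. Kept because callers may read it; drop it if
                        // nothing outside this class needs it, so the credential does not
                        // travel further than the database layer.
                        ac.password = (string)dr["password"];
                        ac.userType = (string)dr["userType"];
                        ac.staffID = Convert.ToInt32(dr["staffID"]);
                    }
                }
            }

            return ac;
        }

        // Creates and opens a connection using the configured connection string.
        // The caller owns the returned connection and must dispose it.
        private static SqlConnection OpenConnection()
        {
            SqlConnection conn = new SqlConnection(
                ConfigurationManager.ConnectionStrings[ConnectionStringName].ConnectionString);
            try
            {
                conn.Open();
                return conn;
            }
            catch
            {
                // Open() failed: release the connection object before the error propagates.
                conn.Dispose();
                throw;
            }
        }
    }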
}
